In recent years, a digital camera has broadly spread in which an optical image is converted through a lens into electric signal by a sensor such as CCD or CMOS, and the acquired data is saved in the digital format.
The digital camera has various merits that not only a labor of developing and printing a photographed image can be saved, as in the conventional silver halide photography, but also there is no aged deterioration, the image is easily stored or retrieved, and data can be transmitted to the remote site through the telecommunication line. Therefore, the digital camera is utilized in many business fields.
However, some demerits of digitalization are pointed out. They are caused by a feature that the digital image is easily processed or corrected by employing a photo retouch tool available on the market.
Accordingly, there is a need for a scheme that overcomes the shortcoming of the digital image that the image alteration is easy.
At present, a falsification detection system for the image data based on the digital signature with an encryption technology has been proposed. For instance, the system as proposed in the U.S. Pat. No. 5,499,294 comprises an image generation apparatus (camera) that generates the image data and an image verification apparatus that verifies the completeness of the image data. This image generation apparatus generates the digital signature data that is information identifying the image data (detecting the falsification) by performing a predetermined arithmetic operation based on the secret information unique to the image generation apparatus and the digital image data photographed by the image generation apparatus. And the generated digital signature data and the digital image data are outputted from the image generation apparatus. On the other hand, the image verification apparatus makes the verification by comparing the resultant data of performing a predetermined arithmetic operation on the digital image data and the resultant data of performing a reverse generation operation on the digital signature data. A hash function (compressibility function) and the public key encryption are employed for generating the digital signature data in the U.S. Pat. No. 5,499,294.
A MAC (Message Authentication Code) may be employed, instead of the digital signature data. The MAC is generated using a shared key encryption and the hash function, and has a feature that the processing speed is higher than the public key encryption. However, it is required that the shared key used for generating or verifying the MAC is managed strictly in the image verification apparatus.
The image data photographed by the camera is usually memorized in a small memory card (nonvolatile memory) connected with the camera, and the memory card is composed chiefly of a flash EEPROM. Moreover, in addition to the flash EEPROM, a memory card or IC card with a security function having an arithmetic operation part composed of CPU, RAM, and ROM has been put to practical use. With these arithmetic operation functions, the data for falsification detection such as the digital signature data can be generated outside the image generation apparatus (i.e., inside the memory card or IC card).
In the following, a system for detecting the falsification by using the MAC or digital signature for the image generation apparatus such as the camera will be considered. The MAC is the scheme for creating the verification data by using the shared key encryption and verifying it, as previously described. However, if the shared key is known, the safety can not be assured. Also, in the digital signature, if the private key used for the signature is known, the safety is not warranted. Hence, when the camera is on the creation side of the verification data and the IC card is on the verification side, the image generation apparatus such as the camera is weaker in the security performance than the IC card.